Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/hKhvH0gYFip_D3EtryZt3OGoR_E.roa
File:                     hKhvH0gYFip_D3EtryZt3OGoR_E.roa (raw, json)
Hash identifier:          0KwsowhRJD57SELQRFOdBEcWZBnm7BBTsvnfac8JcRU=
Subject key identifier:   84:A8:6F:1F:48:18:16:2A:7F:0F:71:2D:AF:26:6D:DC:E1:A8:47:F1
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       018CC72753B9BDA6438D10837A208C5EBB2B
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/hKhvH0gYFip_D3EtryZt3OGoR_E.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207834
IP address blocks:        2a0e:3940:3200::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:53:b9:bd:a6:43:8d:10:83:7a:20:8c:5e:bb:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84a86f1f4818162a7f0f712daf266ddce1a847f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:73:f1:18:c0:69:e9:55:0e:00:e3:14:e7:da:
                    c5:bb:f2:9e:d6:33:ae:63:2c:57:b9:f3:aa:0f:8a:
                    db:3f:36:04:01:94:d9:ef:ab:f5:05:84:bb:07:70:
                    dd:6f:d6:20:8b:26:e0:e7:7d:99:8c:7c:90:da:e9:
                    7a:e5:ae:94:70:79:e3:23:cf:be:e9:22:06:79:2a:
                    02:d4:c8:32:f3:db:08:88:51:99:e2:0e:90:6a:0b:
                    83:51:2e:1c:eb:ea:f1:99:c7:cd:1e:8f:92:5a:7e:
                    03:da:9a:b3:55:9a:02:97:96:85:e3:a6:a4:21:95:
                    08:33:98:96:ae:7b:16:65:df:a1:5b:e1:a7:20:62:
                    75:30:0e:7c:b1:81:7e:f9:50:85:37:ec:51:93:5c:
                    4d:12:f0:31:ec:31:60:00:38:73:33:cb:1a:a8:7a:
                    4b:89:e3:9d:f9:76:1e:4a:d0:8d:b8:ab:48:b1:2e:
                    4e:81:18:4d:3e:b1:6c:21:9f:16:22:59:8b:90:02:
                    4f:c5:99:7d:2f:58:32:4f:d9:4e:3f:91:22:3b:94:
                    33:69:5c:7d:0c:f8:b9:d3:1f:4b:f7:21:4b:55:8f:
                    8b:b8:71:3f:85:f7:ac:6a:28:f5:0e:98:05:4f:b9:
                    9a:a3:84:9a:0f:81:50:9e:ad:5f:b8:fa:45:dd:45:
                    23:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:A8:6F:1F:48:18:16:2A:7F:0F:71:2D:AF:26:6D:DC:E1:A8:47:F1
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/hKhvH0gYFip_D3EtryZt3OGoR_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:3940:3200::/44

    Signature Algorithm: sha256WithRSAEncryption
         33:12:12:0e:c7:59:8d:f3:39:1b:c7:5c:81:50:b6:81:f7:21:
         fd:8a:11:e0:a2:37:e5:3e:ee:32:2d:ff:c5:c4:43:f4:2e:65:
         2a:4e:0c:17:09:86:42:22:fc:0a:11:32:29:dd:91:e6:d3:07:
         c1:a4:6f:f2:81:81:cb:bf:ea:d4:cc:51:f5:fc:1a:da:a1:59:
         25:27:db:13:e6:99:f3:0d:57:ba:4b:ae:6a:8e:67:ba:21:cd:
         13:e4:c8:61:6a:14:dc:26:19:2b:9e:da:8e:4e:81:7d:35:6a:
         47:36:93:05:0e:46:20:56:d7:e7:88:9f:3d:3b:9d:40:a6:4d:
         05:6d:25:b5:e4:b7:39:87:1c:b4:1c:cf:06:16:e1:37:eb:c3:
         dc:29:60:e1:77:7a:1d:31:c4:e6:52:b2:1e:31:2e:c9:dd:87:
         d6:ce:ba:8a:11:af:88:c0:23:b6:e9:86:7d:fb:8d:43:4d:51:
         09:d3:31:d7:91:e4:f9:a6:a2:79:f1:b0:29:39:35:f9:c6:30:
         ea:46:6b:5e:13:aa:63:0f:c4:c7:d8:41:e5:41:56:a4:7a:e3:
         5a:b6:0b:33:45:05:ee:17:77:1c:44:c4:cf:13:f6:16:67:62:
         eb:6f:c3:46:d4:5e:37:15:f8:3b:4e:3e:65:f4:77:0e:aa:b6:
         9a:88:89:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ1O5vaZDjRCDeiCMXrsrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGE4NmYxZjQ4MTgxNjJhN2YwZjcxMmRhZjI2NmRkY2UxYTg0N2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnPxGMBp6VUOAOMU59rFu/Ke1jOu
YyxXufOqD4rbPzYEAZTZ76v1BYS7B3Ddb9Ygiybg532ZjHyQ2ul65a6UcHnjI8++
6SIGeSoC1Mgy89sIiFGZ4g6QaguDUS4c6+rxmcfNHo+SWn4D2pqzVZoCl5aF46ak
IZUIM5iWrnsWZd+hW+GnIGJ1MA58sYF++VCFN+xRk1xNEvAx7DFgADhzM8saqHpL
ieOd+XYeStCNuKtIsS5OgRhNPrFsIZ8WIlmLkAJPxZl9L1gyT9lOP5EiO5QzaVx9
DPi50x9L9yFLVY+LuHE/hfesaij1DpgFT7mao4SaD4FQnq1fuPpF3UUjTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFISobx9IGBYqfw9xLa8mbdzhqEfxMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvaEtodkgwZ1lGaXBfRDNFdHJ5WnQzT0dvUl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg45QDIA
MA0GCSqGSIb3DQEBCwUAA4IBAQAzEhIOx1mN8zkbx1yBULaB9yH9ihHgojflPu4y
Lf/FxEP0LmUqTgwXCYZCIvwKETIp3ZHm0wfBpG/ygYHLv+rUzFH1/BraoVklJ9sT
5pnzDVe6S65qjme6Ic0T5MhhahTcJhkrntqOToF9NWpHNpMFDkYgVtfniJ89O51A
pk0FbSW15Lc5hxy0HM8GFuE368PcKWDhd3odMcTmUrIeMS7J3YfWzrqKEa+IwCO2
6YZ9+41DTVEJ0zHXkeT5pqJ58bApOTX5xjDqRmteE6pjD8TH2EHlQVakeuNatgsz
RQXuF3ccRMTPE/YWZ2Lrb8NG1F43Ffg7Tj5l9HcOqraaiIn9
-----END CERTIFICATE-----